Research Data Management Policy


This policy applies from the commencement date (1 July 2023) to all  research staff, students, supervisors and other members of the University community that are involved in the management of research data


To articulate the responsibilities of the University community for the management of research data. These responsibilities help to ensure that research data is managed in ways that are consistent with:

  • international standards for FAIR data and open research that are increasingly required by funders, data providers and publishers
  • the University’s obligations under Te Tiriti o Waitangi and commitment to becoming a Māori data sovereignty organisation,
  • the CARE principles for the governance of indigenous data, including Pacific data, and
  • legal, ethical and protective security requirements for research data.


University responsibilities

The University is responsible for:

1. Defining University roles and responsibilities for the management of research data.

2. Communicating the requirements of this policy and facilitating its adoption through the provision of training and guidance to researchers.

3. Providing the necessary infrastructure and services to enable researchers to meet their responsibilities for research data throughout the research data lifecycle.


Researcher responsibilities

Researchers are responsible for:

4.  Establishing and maintaining clear roles and responsibilities for the management of research data within their research project or group, with principal investigators retaining overall responsibility for ensuring compliance with this policy.

5. Ensuring that legal, ethical, data sovereignty, protective security and commercial constraints relating to research data are considered prior to data collection and adhered to throughout the research data lifecycle.

6. Preparing a Data Management Plan for sensitive or restricted data or where this is required by the University, a funder, ethics approval processes, research data provider or other external party.

7. Ensuring collaborations with external parties have agreements in place that are executed by the appropriate University delegate and specify ownership and custodianship rights and responsibilities for research data.

8. Identifying the resources required for the management of research data and confirming the availability and cost of these resources as part of proposal development for externally-funded and internally-funded research.

9. Ensuring that digital forms of research data are stored on an appropriate University-managed research storage service or other trusted storage service approved by the University Chief Information Security Officer.

10. Ensuring research data are accompanied by appropriate metadata to enable the application of FAIR, CARE and data sovereignty principles alongside the University’s data classification.

11. Publishing digital forms of research data in the University research data repository or other publicly accessible data repository unless the data cannot be published due to legal, ethical, data sovereignty or commercial constraints.

12. Including a data availability statement in all accepted manuscripts and final accepted theses describing how and on what terms any supporting research data may be accessed.

13. Ensuring there are appropriate data governance arrangements in place to represent the interests of rightsholders and other key stakeholders in the research data.

14. Ensuring research data are returned, retained, deleted and/or destroyed in accordance with legal, ethical, data sovereignty and commercial constraints.

15. Ensuring that non-digital forms of research data created after the commencement date of this policy are promptly digitised where possible and managed in accordance with this policy. The original non-digital research data are to be securely destroyed following digitisation unless there is a requirement for retention, in which case researchers will ensure appropriate storage arrangements.

16. Ensuring appropriate arrangements are made if they require and have rights to continued access to research data after leaving the University.


Supervisor responsibilities

Supervisors are responsible for:

17. Supervisors are responsible for providing guidance and support to students on the application of this policy to student research projects.

18. It is the responsibility of the supervisor to ensure that the student prepares a Data Management Plan where required under this policy, ensuring that research data ownership rights, licensing arrangements and custodianship responsibilities are clearly stated prior to the collection of the research data.


The following definitions apply to this document:

  • Agreement in the context of research data sharing refers to a formal contract that sets out the purpose of the data sharing, how the data will be managed and the rights and responsibilities of the parties
  • CARE (Collective benefit, Authority to control, Responsibility and Ethics) refers to the CARE Principles of Indigenous Data Governance published by the Global Indigenous Data Alliance.
  • Data Availability Statement, sometimes called a data access or accessibility statement, explains where the research data associated with an article or output can be found. It may include the conditions of access, reasons for restriction, and, where applicable, links to the data.
  • Data classification refers to the University’s schema for classifying different types of data, as detailed in the University's research data classification standard.
  • Data governance refers to the arrangements put in place to ensure the interests of rightsholders and stakeholders in research data are protected and that all ethical, legal, data sovereignty and commercial constraints are adhered to throughout the research data lifecycle.
  • Data Management Plan (DMP) is a plan describing: the research data that will be collected and its data classification; the legal, ethical, data sovereignty and commercial constraints relating to research data; how the research data will be organised and managed; the research data management roles, responsibilities, governance and access arrangements; how the research data will be stored, shared and returned, retained, deleted and/or destroyed (as appropriate). 
  • Deletion means logically, but not necessarily physically, erasing research data. Deletion does not always eliminate the possibility of recovering all or part of the original research data.
  • Destruction means the process of overwriting, erasing or physically destroying information so that it cannot be recovered.
  • FAIR (Findable, Accessible, Interoperable, and Reusable) refers to the FAIR guiding principles for scientific data management and stewardship originally published in 2016.
  • Institutional data refers to the administrative data generated by research activities e.g., grant or ethics applications, that is governed by the University’s Data Governance Policy. This includes data about research grants and contracts.
  • Māori data refers to digital or digitisable information or knowledge that is about or from Māori people, language, culture, resources, or environments.
  • Māori Data Sovereignty recognises that Māori data should be subject to Māori governance and managed in accordance with the principles of Māori Data Sovereignty published by Te Mana Raraunga. 
  • Metadata is information about research data, such as content, quality, format, location and access rights. 
  • Pacific data refers to digital or digitisable information or knowledge that is about or from Pacific people, language, culture, resources, or environments. 
  • Primary materials are physical objects and samples, such as biological samples, that are acquired for the purpose of research and from which research data may be derived.
  • Research data are the evidence that underpins the answer to a research question and can be used to validate findings regardless of its form (e.g., print, digital, or physical). Research data does not include institutional data or primary materials
  • Research staff means all staff members employed to undertake research as part of their employment agreement with the University. 
  • Researcher includes research staff, students, honorary appointees, adjunct appointees and contractors that undertake research at the University or using University resources, or otherwise on behalf of the University.
  • Restricted data has the meaning set out in the University’s research data classification standard.
  • Retention means to retain research data in accordance with the University’s minimum retention periods
  • Return means the return of research data and primary materials to the originating community or data provider, as indicated by the original terms of access to those data and materials.
  • Sensitive data has the meaning set out in the University’s research data classification standard
  • Student means any person enrolled in a degree, diploma or certificate course at the University whose enrolment includes undertaking research. 
  • Supervisor has the meaning set out in the Doctoral Supervision Policy and Procedures and the Masters by Research Supervision Guidelines.
  • University means Waipapa Taumata Rau | the University of Auckland and includes all subsidiaries.
  • University community includes all staff members (whether permanent, temporary or part time), honorary staff, students (whether full time or part time), contractors, subcontractors, consultants, alumni, associates, business partners or official visitors or guests of members of the University or UniServices.
  • University delegate in this context means the person with requisite authority to execute an agreement on behalf of the University as set out in the relevant delegation schedule or agency agreement with UniServices.

Key relevant documents

Document management and control

Owner: Deputy Vice-Chancellor (Research)
Content manager: Director Research Strategy and Integrity
Commencement Date: 1 July 2023
Approved by: Vice-Chancellor
Date approved: 4 April 2023
Review date: 4 April 2028